The Five Pillars of Network Access Control (NAC) Needed to Enforce BYOD

Date: 30 Jun 16

Paul Donovan outlines the main questions to ask when choosing a NAC solution to work alongside a BYOD policy while protecting the network.

In its latest Market Guide to Network Access Control (NAC), Gartner states that monitoring and enforcing BYOD is one of the primary drivers for organisations to invest in NAC. As BYOD has become increasingly popular and indeed expected by employees, the need for it has, in turn, become more accepted within the enterprise community. But BYOD today, encompassing employees, plus guests and contractors all with various device types connecting from numerous different locations, presents an enormous risk to the enterprise and puts access control at the forefront of an enterprise's IT security strategy.

So what should enterprises consider when choosing a NAC solution to help monitor and enforce BYOD? There are five major considerations including whether the solution is context-aware, vendor agnostic, easy-to-deploy and use, meets regulatory compliance and whether it can all be seen in one place.

1. Context-aware security:

Context-aware security monitors a host of situational information involving the user and the device, where they are geographically, what they are trying to access and if this behaviour is usual, or not. This information allows the system to make informed decisions about whether to grant access from personal and remote devices, or not, which is the key to a successful BYOD policy.

For example, it might not allow access to a device that is not in the same location as another device belonging to the same user. Or, it might allow some access to a user logging in over public Wi-Fi but restrict access to certain files or parts of the network. Because the nature of BYOD means that you can't physically see what users are doing, arming the organisation with as much information as possible, in as usable a way as possible, will help your chances of allowing access which is needed for productivity while also avoiding a data breach.

2. Vendor agnostic solution

Solutions that are vendor-agnostic will often be easier to deploy and manage in the short and long term as they will be compatible with the leading technologies that the organisation is already using. Technologies such as wired or wireless infrastructure, firewalls, or other third party network or security solutions will often need to interact with a NAC solution in some way. Deploying a NAC solution that's not compatible with these kinds of existing technologies will likely significantly lengthen and complicate the deployment process and potentially be much more expensive, at least in terms of resource.

3. Easy-to-deploy and use

Like all technology solutions, ones that are not easy-to-deploy or use will quickly fail. This is especially true when it comes to BYOD with Gartner predicting that 20 percent of BYOD programmes will fail this year because of policies that are too restrictive. Factors like how intuitive the admin interfaces are, are set-up wizards included in the solution, and how easy is the on-boarding process when done remotely, are all real and important questions when choosing a NAC solution.

Options that include self service on-boarding that configures devices with settings and software for Wi-Fi, VPN etc will allow IT teams with tech-savvy employees to have minimum touch and maximum control. Equally, the ease of self-registration of the NAC solution for guests who are bringing their own devices into your premises and onto your networks will also free up IT resource while still protecting the network. And of course, solutions that provide users with seamless remote access that doesn't negatively impact productivity will be popular with employees who are then unlikely to either need or want to find workarounds to security protocols that almost always put the organisation at risk.

4. Regulatory compliance

Regardless of what industry you're operating in, it's likely that there are at least some regulations and compliance that you need to adhere to. In order to future-proof your business's technology solutions, you should consider a NAC solution that adheres to the toughest government standards with FIPS 140-2 compliance and a Common Criteria assurance level of EAL3+. And with the EU GDPR coming into force in less than two years, now is certainly the time to make sure your i's are dotted and your t's are crossed if you operate or have customers in countries adopting European Union regulations.

5. Centralised management

And finally, a NAC solution with one central management console that gives the IT security team end-to-end visibility from endpoints to appliances and converged policy management for remote, mobile, and campus access security, is going to be a popular choice among those who can make or break the success of BYOD solutions.

There is no doubt that BYOD is here to stay but this acceptance doesn't mean that organisations are automatically equipped to offer the policy; the right security solutions must be in place for BYOD to be deployed and managed successfully. Giving the IT security team the right tools to control access rights to the network is one of the major solutions that will help to allow successful BYOD programmes while mitigating the risks associated with these programmes.